Zebra is a fully permissionless and composable decentralized exchange built on Scroll.

Risk Rating

Moderate Risk
Assessment: 2024-03-27
Risk Assessment
Security History

Overall Score

  • Assessor
    Kop, Supergu
  • Assessment Date
Not yet undergone Underwriting review

The protocol features robust technical attributes, including immutable smart contracts and a high volume of transactions, audited by reputable firms which enhance its reliability. However, it is hindered by inadequate documentation, lack of internal testing, and no pause mechanism, posing risks to operational control. Economically, while it avoids token-related risks and uses a proven AMM formula, its recent launch raises concerns over its untested market resilience and the quality of listed tokens. Operationally, low legal risks contrast with governance concerns due to minimal team transparency and centralized control.


As the project is a fork of Uniswap v2, its AMM formula benefits from extensive real-world testing, enhancing its reliability.
The absence of a token in the system eliminates associated token-related risks.
Launched in Oct 2023, the protocol has not yet been tested in extreme market situations.
There is no whitelist mechanism for listings, which could lead to a broader spectrum of assets being traded but also raises concerns regarding the quality and legitimacy of listed tokens.


Faces relatively low legal and regulatory risks, which may ease operational hurdles.
The protocol was recently launched, having been operational for only 50 days, which suggests a nascent stage in its development and market presence.
The team behind the protocol lacks transparency, raising concerns regarding their operational practices and governance structures.


The smart contracts are designed to be immutable, thereby eliminating any centralized risk associated with upgradability.
The platform exhibits a notably high volume of daily transactions, indicating robust user engagement and activity.
The documentation provided is inadequate for comprehensive understanding or verification.
The system lacks a built-in pause mechanism, which raises concerns regarding operational control and emergency response.